CVE-2017-0144
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2017-03-17

Last updated on: 2026-04-22

Assigner: Microsoft Corporation

Description
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2017-03-17
Last Modified
2026-04-22
Generated
2026-06-16
AI Q&A
2024-11-28
EPSS Evaluated
2025-08-20
NVD
CVE-2017-0144
Affected Vendors & Products
Showing 36 associated CPEs
Vendor Product Version / Range
microsoft server_message_block 1.0
microsoft windows_10_1511 *
microsoft windows_7 *
microsoft windows_8.1 to 6.3.9600.20520 (inc)
microsoft windows_server_2008 *
microsoft windows_server_2012 *
microsoft windows_vista *
siemens acuson_p300_firmware 13.02
siemens acuson_p300_firmware 13.03
siemens acuson_p300_firmware 13.20
siemens acuson_p300_firmware 13.21
siemens acuson_p300 *
siemens acuson_p500_firmware va10
siemens acuson_p500_firmware vb10
siemens acuson_p500 *
siemens acuson_sc2000_firmware From 4.0 (inc) to 4.0e (exc)
siemens acuson_sc2000_firmware 5.0a
siemens acuson_sc2000 *
siemens acuson_x700_firmware 1.0
siemens acuson_x700_firmware 1.1
siemens acuson_x700 *
siemens syngo_sc2000_firmware From 4.0 (inc) to 4.0e (exc)
siemens syngo_sc2000_firmware 5.0a
siemens syngo_sc2000 *
siemens tissue_preparation_system_firmware *
siemens tissue_preparation_system *
siemens versant_kpcr_molecular_system_firmware *
siemens versant_kpcr_molecular_system *
siemens versant_kpcr_sample_prep_firmware *
siemens versant_kpcr_sample_prep *
microsoft windows_server_2012 r2
microsoft windows_server_2008 r2
microsoft windows_10_1607 to 10.0.14393.4467 (inc)
microsoft windows_server_2016 to 10.0.14393.4467 (inc)
microsoft windows_rt_8.1 to 6.3.9600.20520 (inc)
microsoft windows_10_1507 to 10.0.10240.18967 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
Currently, no data is known.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability, known as CVE-2017-0144, affects certain versions of Microsoft Windows. It allows attackers to send specially crafted packets to the SMBv1 server, which can lead to the execution of arbitrary code. This means that an attacker could potentially take control of the affected system remotely.

Impact Analysis

If your system is running one of the affected versions of Windows, this vulnerability could allow an attacker to gain unauthorized access to your computer. They could execute harmful actions, such as stealing data or installing malicious software, which could compromise your personal information and security.

Compliance Impact

This vulnerability could impact compliance with regulations like GDPR and HIPAA because it poses a risk to the security of personal and sensitive data. If an attacker exploits this vulnerability and gains access to protected information, it could lead to data breaches, which are serious violations of these regulations.

Mitigation Strategies

You should apply the patches provided by Microsoft for the affected versions of Windows. You can find more information and guidance on the official Microsoft security advisory page for CVE-2017-0144.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2017-0144. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart